Analysis of computer systems with respect to security and performance has proven useful during the design and development of associated applications. For example, it can be particularly advantageous to revisit a system's security analysis throughout the lifetime of the system software and its related applications. Conventionally, however, the application life cycle lacks security engineering and analysis, so that identified attacks and security issues are addressed only through retroactive measures.
Today, when developing an application, it is often difficult to predict how the application will behave under real-world conditions. Put differently, it is difficult to predict the security vulnerabilities of an application prior to and during development, or before its completion. Frequently, upon completion, a developer must modify the application or the system itself to accommodate real-world conditions and the threat of attack. Such modifications can consume many hours of programming time and delay deployment, increasing the associated expense.
Traditionally, security designs for systems and applications are often ad hoc and inefficient. Accordingly, applications and the data associated with them can become vulnerable to threats and malicious attacks. In general, software practitioners lack the expertise to effectively predict system vulnerabilities and the attacks that exploit them. For example, despite the best efforts of system designers, network communications are continually intercepted and spied upon, and valuable information is stolen regularly. Private networks run the risk of unauthorized access, and the stolen data can include confidential business, financial and personal information.
While some threats and attacks can be estimated with a crude level of certainty, for many threats this is not the case. For those security criteria that can be estimated prior to development, the estimate most often requires a substantial amount of research and guesswork. Such a guesswork approach to security analysis typically lacks any founded benchmark, and these conventional approaches are in general neither effective nor systematic.
Rather, conventional security approaches are based on trial and error. In other words, traditional systems tend to be reactive, because users lack the expertise necessary to formulate a proactive security mechanism. These trial-and-error approaches lead to costly interruptions and expensive programming time to rectify issues as they arise.
Accordingly, traditional security patching of systems does not proactively (or efficiently) address security issues from the beginning to the end of the system's lifetime. Hence, developers often find themselves addressing security and performance issues after the fact, once development is complete. This retroactive approach is extremely costly and time-consuming over the application life cycle.
Moreover, conventional security policies are "imperative": they enumerate a set of system parameters and associate each with its recommended value. In this model, policy configuration consists of setting every system parameter to its recommended value. The model suffers from a major drawback, however: because each policy pins every parameter, security policy managers must define a separate policy for each acceptable combination of system parameters, and as a result end up with a large number of policies.
In addition, benchmark-based models define the policy as a set of rules in the form of expression trees, in which system parameter checks are the leaf nodes. During security state analysis, every expression tree is evaluated to determine the pass/fail status of its rule, and a score based on the passing rules can be assigned to the benchmark to indicate the security compliance level of the machine. This model can express multiple acceptable security configurations in the same policy document and performs relatively well for analyzing compliance. However, it complicates the task of generating configuration or remediation steps to bring a machine to an acceptable state of compliance, because a rule that accepts several configurations does not by itself say which one to apply.
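The following is an added example, not code from the original document, contrasting the two policy styles described in the two preceding paragraphs. The machine state, parameter names, rule names and weights are all constructed for illustration. The imperative policies must each spell out a full acceptable combination of parameters, whereas the benchmark expresses the same alternatives in one rule tree; the remediation function then shows why a passing Or branch is easy to check but ambiguous to remediate, since each branch yields a different set of steps.

```python
from dataclasses import dataclass
from typing import Any, Dict, List

# Constructed machine state; parameter names are hypothetical.
MACHINE: Dict[str, Any] = {
    "password_min_length": 8,
    "lockout_threshold": 0,
    "firewall_enabled": True,
    "remote_admin_allowed": True,
    "ssh_protocol": 2,
}

# Imperative style: each policy pins every parameter to one recommended value,
# so every acceptable combination needs its own policy document.
IMPERATIVE_POLICIES: List[Dict[str, Any]] = [
    {"password_min_length": 12, "lockout_threshold": 5, "firewall_enabled": True,
     "remote_admin_allowed": False},
    {"password_min_length": 12, "lockout_threshold": 5, "firewall_enabled": True,
     "remote_admin_allowed": True, "ssh_protocol": 2},
]

def imperative_compliant(machine: Dict[str, Any], policies: List[Dict[str, Any]]) -> bool:
    """Compliant if the machine matches every parameter of at least one policy."""
    return any(all(machine.get(k) == v for k, v in p.items()) for p in policies)

def imperative_remediation(machine: Dict[str, Any], policy: Dict[str, Any]) -> Dict[str, Any]:
    """Remediation is mechanical here: set each differing parameter to its recommended value."""
    return {k: v for k, v in policy.items() if machine.get(k) != v}

# Benchmark style: rules are expression trees whose leaves are parameter checks.
@dataclass(frozen=True)
class Check:
    param: str
    op: str      # "==" or ">="
    value: Any

@dataclass(frozen=True)
class And:
    children: tuple

@dataclass(frozen=True)
class Or:
    children: tuple

def evaluate(node, machine: Dict[str, Any]) -> bool:
    """Pass/fail status of one expression tree against the machine state."""
    if isinstance(node, Check):
        actual = machine.get(node.param)
        if node.op == "==":
            return actual == node.value
        if node.op == ">=":
            return actual is not None and actual >= node.value
        raise ValueError(f"unsupported operator {node.op}")
    if isinstance(node, And):
        return all(evaluate(c, machine) for c in node.children)
    if isinstance(node, Or):
        return any(evaluate(c, machine) for c in node.children)
    raise TypeError(type(node))

# (rule name, weight, expression tree); the Or in the second rule encodes two
# acceptable configurations that the imperative style needed two policies for.
BENCHMARK = [
    ("strong-auth", 2, And((Check("password_min_length", ">=", 12),
                            Check("lockout_threshold", ">=", 5)))),
    ("remote-admin", 1, Or((Check("remote_admin_allowed", "==", False),
                            And((Check("firewall_enabled", "==", True),
                                 Check("ssh_protocol", ">=", 2)))))),
]

def benchmark_score(benchmark, machine: Dict[str, Any]):
    """Weighted fraction of passing rules, plus each rule's pass/fail status."""
    results = {name: evaluate(tree, machine) for name, _, tree in benchmark}
    total = sum(w for _, w, _ in benchmark)
    passed = sum(w for name, w, _ in benchmark if results[name])
    return passed / total, results

def remediation_options(node, machine: Dict[str, Any]) -> List[Dict[str, Any]]:
    """All alternative parameter settings that would make `node` pass.
    A failing And needs every child fixed (product of the children's options);
    a failing Or yields one option per branch, so the caller must still choose."""
    if evaluate(node, machine):
        return [{}]
    if isinstance(node, Check):
        return [{node.param: node.value}]   # the threshold itself satisfies ">="
    if isinstance(node, And):
        options: List[Dict[str, Any]] = [{}]
        for child in node.children:
            options = [{**o, **c} for o in options for c in remediation_options(child, machine)]
        return options
    if isinstance(node, Or):
        return [o for child in node.children for o in remediation_options(child, machine)]
    raise TypeError(type(node))

if __name__ == "__main__":
    print("imperative compliant:", imperative_compliant(MACHINE, IMPERATIVE_POLICIES))
    print("benchmark score:", benchmark_score(BENCHMARK, MACHINE))
    print("remediation for remote-admin if firewall is off:",
          remediation_options(BENCHMARK[1][2], {**MACHINE, "firewall_enabled": False}))
```

On the constructed state the benchmark scores 1/3 (only the remote-admin rule passes, via its firewall branch), and remediating the strong-auth rule produces a single unambiguous step set. Turning the firewall off instead makes the remote-admin rule fail and yields two equally valid remediation options, which is the ambiguity the paragraph above refers to.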